CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-5227
https://notcve.org/view.php?id=CVE-2019-5227
29 Nov 2019 — P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version. Los teléfonos inteligentes P30, P30 Pro... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190904-01-smartphone-en • CWE-346: Origin Validation Error •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-5224
https://notcve.org/view.php?id=CVE-2019-5224
29 Nov 2019 — P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21) have an out of bounds read vulnerability. The system does not properly validate certain length parameter which an application transports to kernel. An attacker tricks the user to install a malicious application, successful exploit could cause out of bounds read and information disclosure. Los teléfonos inteligentes P30 con versiones anteriores a ELLE-AL00B 9.1.0.193(C00E190R1P21), presentan una vulnerabilidad de lectura fuera de l... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-03-smartphone-en • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-5225
https://notcve.org/view.php?id=CVE-2019-5225
29 Nov 2019 — P30, Mate 20, P30 Pro smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), versions earlier than Hima-AL00B 9.1.0.135(C00E200R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12) have a buffer overflow vulnerability on several , the system does not properly validate certain length parameter which an application transports to kernel. An attacker tricks the user to install a malicious application, successful exploit could cause malicious code execution. Los teléfon... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-02-smartphone-en • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-5226
https://notcve.org/view.php?id=CVE-2019-5226
29 Nov 2019 — P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version. Los teléfonos inteligentes P30, P30 Pro... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190904-01-smartphone-en • CWE-346: Origin Validation Error •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-5288
https://notcve.org/view.php?id=CVE-2019-5288
13 Nov 2019 — P30 smart phones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an integer overflow vulnerability due to insufficient check on specific parameters. An attacker tricks the user into installing a malicious application, obtains the root permission and constructs specific parameters to the camera program to exploit this vulnerability. Successful exploit could cause the program to break down or allow for arbitrary code execution. Los teléfonos inteligentes P30 con versiones anteriores a ELLE-A... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-01-smartphone-en • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-5287
https://notcve.org/view.php?id=CVE-2019-5287
13 Nov 2019 — P30 smart phones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an integer overflow vulnerability due to insufficient check on specific parameters. An attacker tricks the user into installing a malicious application, obtains the root permission and constructs specific parameters to the camera program to exploit this vulnerability. Successful exploit could cause the program to break down or allow for arbitrary code execution. Los teléfonos inteligentes P30 con versiones anteriores a ELLE-A... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-01-smartphone-en • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0CVE-2019-5231
https://notcve.org/view.php?id=CVE-2019-5231
12 Nov 2019 — P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E180R2P1) have an improper authorization vulnerability. The software incorrectly performs an authorization check when a user attempts to perform certain action. Successful exploit could allow the attacker to update a crafted package. Teléfonos Inteligentes P30 con versiones anteriores a ELLE-AL00B 9.1.0.186(C00E180R2P1), presentan una vulnerabilidad de autorización inapropiada. El software realiza incorrectamente una comprobación de autoriza... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190930-01-smartphone-en • CWE-863: Incorrect Authorization •
CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2019-5229
https://notcve.org/view.php?id=CVE-2019-5229
12 Nov 2019 — P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an insufficient verification vulnerability. The system does not verify certain parameters sufficiently, an attacker should connect to the phone and gain high privilege to launch the attack, successful exploit could cause malicious code execution. Teléfonos Inteligentes P30 con versiones anteriores a ELLE-AL00B 9.1.0.193(C00E190R2P1), presentan una vulnerabilidad de comprobación insuficiente. El sistema no comprueba ciertos par... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-02-smartphone-en • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-5228
https://notcve.org/view.php?id=CVE-2019-5228
12 Nov 2019 — Certain detection module of P30, P30 Pro, Honor V20 smartphone whith Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions earlier than Princeton-AL10B 9.1.0.233(C00E233R4P3) have a race condition vulnerability. The system does not lock certain function properly, when the function is called by multiple processes could cause out of bound write. An attacker tricks the user into installing a malicious application, successful exploit could ... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190911-01-smartphone-en • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2019-5307
https://notcve.org/view.php?id=CVE-2019-5307
04 Jun 2019 — Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) and P30 Pro versions before VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), are exposed to a message replay vulnerability. For the sake of better compatibility, these devices implement a less strict check on the NAS message sequence number (SN), specifically NAS COUNT. As a result, an attacker can construct a rogue base station and replay the GUTI reallocation command message in certain conditions to tamper with GUTIs... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-replay-en • CWE-294: Authentication Bypass by Capture-replay •